Please help me solve this external_url conundrum!

Prevent GitLab from generating SSL keys

Pretty new to GitLab, so please bear with my noob question. I did search for an answer but could not find one that matches my need, so here goes.

I'm in the process of installing GitLab in a Docker container and I’m having the following challenge with external_url:

I have GitLab running inside Docker and behind a local reverse proxy. The only access to GitLab is via http://localhost:dddd, where dddd is a port mapped to 80 in Docker. The external access is via a URL that looks like https://gitlab.MyDomain.com. Since the reverse proxy is mapping https://gitlab.Mydomain.com to http://localhost:dddd, I don’t need SSL access into GitLab. For completeness' sake, I also have a wildcard SSL cert that covers both MyDomain.com and gitlab.MyDomain.com.

But here is my challenge: I’ve set external_url ‘https://gitlab.MyDomain.com’ and followed it with gitlab-ctl reconfigure. The reconfiguration process then tried to connect to Let’s Encrypt to get a cert for gitlab.MyDomain.com, and it failed because I already have gitlab.MyDomain.com covered under the wildcard cert for MyDomain.com.

So: Is there a configuration setting in gitlab.rb that will tell the configuration process not to create the certs? From what I understand I need to set external_url to ‘https://gitlab.mydomain.com’ in order for clone and maybe other responses to work properly. How can I set external_url properly without triggering the process of creating these ssl keys?

Your help and guidance is greatly appreciated!

Egan

Hi and welcome to our community!

Sounds reasonable with just mapping localhost:80 with a proxypass to the TLS termination webserver then. I just searched a bit, since the Let's Encrypt default was introduced somewhere in 12.x IIRC.

The docs say

do not plan on using Let’s Encrypt should set letsencrypt['enable'] = false in /etc/gitlab/gitlab.rb to disable.

Can you try that while leaving the external_url setting at https:/...?

Cheers,
Michael

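An added example, not part of either post: a shell check that a gitlab.rb matches the setup discussed above (https external_url, Let's Encrypt disabled, TLS terminated at the reverse proxy). The hostname gitlab.example.com and the function names are placeholders; nginx['listen_port'] and nginx['listen_https'] are Omnibus settings not mentioned in the thread, included on the assumption that the bundled NGINX should serve plain HTTP on port 80 to the proxy.

```shell
#!/bin/sh
# Constructed sample gitlab.rb for GitLab behind a TLS-terminating reverse proxy.
write_sample_config() {
  cat > "$1" <<'EOF'
external_url 'https://gitlab.example.com'  # placeholder hostname
letsencrypt['enable'] = false              # the proxy already holds the certificate
nginx['listen_port'] = 80                  # bundled NGINX serves plain HTTP
nginx['listen_https'] = false
EOF
}

# Scheme of the last uncommented external_url line in file $1.
external_scheme() {
  sed -n "s/^[[:space:]]*external_url[[:space:]]*[\"']\([a-z]*\):.*/\1/p" "$1" | tail -n 1
}

# Value of the last uncommented "key = value" assignment to key $2 in file $1.
setting() {
  awk -v key="$2" '
    { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line) }
    index(line, key "=") == 1 { val = substr(line, length(key) + 2) }
    END { print val }' "$1"
}

# Return 0 when the file matches the proxied-TLS setup, 1 otherwise.
check_gitlab_rb() {
  rc=0
  [ "$(external_scheme "$1")" = "https" ] ||
    { echo "external_url scheme is not https"; rc=1; }
  [ "$(setting "$1" "letsencrypt['enable']")" = "false" ] ||
    { echo "letsencrypt['enable'] is not false: reconfigure may request a certificate"; rc=1; }
  [ "$(setting "$1" "nginx['listen_https']")" = "false" ] ||
    { echo "nginx['listen_https'] is not false"; rc=1; }
  [ "$(setting "$1" "nginx['listen_port']")" = "80" ] ||
    { echo "nginx['listen_port'] is not 80"; rc=1; }
  return $rc
}

# Stand-alone demo on the constructed sample.
tmp=$(mktemp)
write_sample_config "$tmp"
check_gitlab_rb "$tmp" && echo "OK: https URLs, no certificate request, HTTP on port 80"
rm -f "$tmp"
```

Against a real install, call `check_gitlab_rb /etc/gitlab/gitlab.rb` before running `gitlab-ctl reconfigure`.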